Criminals are banking on post-Thanksgiving turkey-eating coma and Black Friday shopping frenzy in the US to trick American internet users to click through to malware posing as a $50 iTunes gift certificate.

(Black Friday is the name given to the Friday after US Thanksgiving, when frenzied seasonal shopping typically starts.)

The research team from German email security provider elevenwrote on Monday about a wave of emails allegedly containing vouchers to the iTunes Store.

The spoofed email is purportedly from the iTunes Store, the subject line reads iTunes Gift Certificate, and the message includes an attachment that supposedly contains a certificate code:

The attachment is a ZIP file containing malware. (Sophos detects this file as Mal/BredoZp-B.)

As the holidays ramp up, so do scams like this. It’s understandable that cash-strapped holiday shoppers might be click-happy enough to try to lighten their holiday with $50 worth of free music, video and games.

Avoiding click-candy like this phony iTunes certificate is one way to keep cyber-safe over the holidays.

Here are some other things to watch out for, adapted from a list posted by USA Today:

* Beware bogus forms. Beware emails and pop-up messages that ask you to type your account username and password, credit card number or personal information such as Social Security number and date of birth. Legitimate organizations don’t solicit sensitive information via email.

* Don’t blindly believe urgent, personalized warnings. Phishers often claim that you need to take urgent action with official organisations such as IRS (taxation), Social Security or the Department of Motor Vehicles.

* Don’t fall for that cute-baby photo. Even if you recognise the sender’s name, don’t open attachments. Distrust all email until and unless you’ve verified that the sender actually intended you to get the message and can vouch for its content.

Happy Thanksgiving, stay safe, and may your holiday shopping sprees be festooned with real coupons and real deals, not stinkers like this iTunes bait.

Post navigation

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.

One comment on “Fake iTunes gift certificate delivers a load of malware for Black Friday shoppers”